PUBLIC MARKS from camel with tags qmail & check

July 2008

The original qmail-smtpd accepts by default all messages, checking later for the existence of recipients. So, if the message is delivered to not existing recipients, a lot of additional system work and network traffic are generated, with multiple expensive bouncing if the sender is a fake one.
chkuser has been developed with the goal to improve the acceptance SMTP phase of qmail-smtpd. qmail-smtpd patched with chkuser may check the existence of e-mail recipients immediately in the SMTP acceptance phase of a message and rejects instantly all messages not directed to existing users, avoiding additional traffic, work and messages bounced more times.

January 2008

qmail-smtpd executes as a qmail dedicated user, communicating on the external SMTP side using a socket connection, and talking to the internal processing section using a pipe.
This architecture is very secure, as qmail-smtpd is allowed to read/write only what it owns (practically nothing), and, the eventual break of qmail-smtpd by a cracker would have a minimal impact on the safety of the system.